Prominent figures including OpenAI CTO fell victim to SIM swapping attacks

In recent years, SIM swapping has emerged as a popular option for threat actors looking to gain unauthorized access to people’s phones and steal their hard-earned money. Now, according to a report from crypto detective ZachXBT, several high-profile personalities and institutions have fallen victim to SIM-swapping attacks, resulting in a collective loss of a staggering $13 million.

Prominent figures, including Mira Murati (OpenAI’s CTO), Daniel Alegre (CEO of Bored Ape), the Aptos Foundation, Stellar Development Foundation, Bryan Pellegrino (LayerZero’s CEO), Garry Tan (Y Combinator’s CEO), along with Pleasr DAO, and Peter Schiff, have fallen victim to SIM swap attacks this year. Additionally, even Bart Stephens, the founder of Blockchain Capital and an early investor in Coinbase and Kraken, suffered a significant loss of $6.3 million in a recent attack.

So, what exactly is SIM swapping?

As the name suggests, these attacks involve threat actors exploiting vulnerabilities within cellular providers’ systems, manipulating them into transferring victims’ phone numbers to new SIM cards under the attackers’ control. Once achieved, cybercriminals gain full access to the target’s calls, texts, and online activities, rendering the original SIM card obsolete.

Additionally, what makes these attacks even more concerning is the minimal requirement for hacking expertise. This is because threat actors only need personal data obtainable from social media, illicit online markets, or phishing scams to convincingly assume the identity of their targets.

Indicators of such an attack include unfamiliar calls and messages regarding changes in cellular service, as well as loss of account access on your device. Unfortunately, victims of the attack often remain oblivious until threat actors do considerable damage, which may involve password resets, deactivation of two-factor authentication, and unauthorized access to sensitive banking accounts. Therefore, if you ever see any of the mentioned signs, then the best course of action would be to contact your carrier.

Protecting from such attacks?

Although it’s not possible to completely shield themselves from such attacks, users can adopt certain measures to enhance their protection. These include utilizing built-in security features such as PINs and passwords for additional layers of defence and employing your carrier’s “Number Lock” feature, which would lock your phone number with them, thus disabling unauthorized transfers.